Half Of UK Businesses Have Fallen For Phishing Attacks

Almost half of all British organisations have fallen victim to phishing attacks in the last two years, with larger businesses the most likely to been compromised, despite also being most likely to conduct cyber security training for staff. 

Research by security company Sophos has found that 45 percent of UK organisations were compromised by phishing attacks between 2016 and 2018, and that 54 percent had identified instances of employees replying to unsolicited emails or clicking the links in them.

Phishing emails are a common attack technique deployed in hacking campaigns, with hackers attempting to lure victims into downloading malware or entering sensitive credentials into a phony version of a website, such as a bank, a retailer, or a fake login page of the target organisation's own email system.

The attacks sound simple, but they're often deployed as the first step in campaigns by groups ranging from cyber-criminal gangs looking to make money, to nation-state-backed hacking groups looking to conduct espionage or cause disruption.
Even if there hasn't been any immediate or obvious damage, there's the potential for attackers to have gained persistent access to target networks, especially if the victim hasn't done anything to counter the attack.

"It's difficult to assess how successful attacks are being exploited. It could be anything from simple credential theft to a network compromise leading to a data breach and everything in between," John Shier, senior security expert at Sophos told ZDNet. 

There's also the potential that the attackers could gain further ground if there are instances of password re-use by the victim, which is why security professionals recommend that multi-factor authentication is applied across the enterprise.

"Regardless of the end goal, it's important to understand that once a cyber-criminal has your credentials, as far as the authentication systems know, they are you. This is why two-factor authentication is a must for all your accounts," said Shier.

While cyber criminals attack organisations of all sizes, the Sophos study, undertaken by Sapio Research, suggests that it's larger organisations that are more likely to fall victim to a phishing attack: 54 percent of organisations with between 500 and 1,000 employees have fallen victim to phishing in the past two years.

That figure drops to 39 percent for firms with 250 to 500 staff, and drops again to just 14 percent for businesses with under 250 people. While smaller firms are often said to be easier targets for hackers, it's likely that cyber criminals looking for a lucrative payday will be focusing their attentions on large organisations. However, with the threat that phishing poses, it's not something that any organisation of any size can afford to ignore, and senior executives should ensure their business has processes in place to attempt to prevent it from happening, as well as providing proper channels for employees to report suspected attacks.

"The reality is that 100 percent of organisations will be faced with fending off phishing attacks and unfortunately many attacks will succeed. Knowing that you've been compromised and reacting quickly is paramount," said Shier.

"Not only should organisations urge their users to report potential phishing attacks but also encourage a safe reporting environment for when users make a mistake," he added.

ZDNet:

For economic and accurate staff and management cyber security training that includes phishing security training please contact Cyber Security Intelligence.

You Might Also Read:

Hidden Truth About Cyber-Crime: Insider Threats

How To Develop Secure Cybersecurity Practices:

 

 

 

« Three In Five Politicians’ Websites Don’t Use Cyber Security
US Surveillance System Exposed By Snowden Goes Dormant »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ASIS International

ASIS International

ASIS International is a global community of security practitioners with a role in the protection of assets - people, property, and/or information.

Research Institute in Science of Cyber Security (RISCS)

Research Institute in Science of Cyber Security (RISCS)

RISCS is focused on giving organisations more evidence, to allow them to make better decisions, aiding to the development of cybersecurity as a science.

Devo Technology

Devo Technology

Devo Security Operations is a next-gen cloud SIEM that enables you to gain complete visibility, reduce noise, and focus on the threats that matter most to the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Enea

Enea

Enea is one of the world’s leading specialists in software for telecommunications and cybersecurity. Our products are used to enable services for mobile subscribers, enterprise customers and IoT.

comforte AG

comforte AG

comforte AG is a leading provider of data-centric security technology. Organizations worldwide rely on our tokenization and format-preserving encryption capabilities to secure personal, sensitive data

Sparrow

Sparrow

Sparrow specializes in application security testing solutions to cope with new technology trends such as cloud, mobile, and DevSecOps.

Cyber Protection Group (CPG)

Cyber Protection Group (CPG)

Cyber protection Group specialize in Penetration Testing. We work with enterprise level companies as well as small to medium sized businesses.

Stronghold Cyber Security

Stronghold Cyber Security

Stronghold Cyber Security is a consulting company that specializes in NIST 800, the Cybersecurity Framework and the Cybersecurity Maturity Model Certification.

FourthRev

FourthRev

FourthRev is an education-technology start-up with a mission to solve the skills crisis of the Fourth Industrial Revolution.

Accedian

Accedian

Accedian is a leader in performance analytics and end user experience solutions, dedicated to providing our customers with the ability to assure their digital infrastructure.

Cyber-Security Council Germany

Cyber-Security Council Germany

The German Cyber Security Council's objective is to consult businesses, government agencies and political decision-makers and to support them against cybercrime.

HTL Support

HTL Support

HTL Support, your trusted partner for comprehensive IT support in London. We specialize in delivering top-tier IT solutions tailored to both large enterprises and small businesses.

Knownsec

Knownsec

Knownsec provides customers with cloud defense, cloud monitoring, and cloud mapping products and services with "AI + security big data" as the underlying capability.

Sacumen

Sacumen

Sacumen is a niche player in the cybersecurity market, solving critical problems for security product companies.

Apex iQ (ApexiQ)

Apex iQ (ApexiQ)

ApexiQ is a continuous asset assurance platform that empowers you with the confidence to make better data-driven decisions and take automated action to reduce your risk.